Splunk Observability Cloud Certified Metrics User — Question 22
According to David Bianco's Pyramid of Pain, which indicator type is least effective when used in continuous monitoring?
Answer options
- A. Domain names
- B. TTPs
- C. Network/Host artifacts
- D. Hash values
Correct answer: D
Explanation
Hash values are the least effective for continuous monitoring because each hash is static: it matches only one exact file, so an attacker can bypass it by making any trivial change to that file. In contrast, domain names, TTPs, and network/host artifacts are more dynamic and can provide better insight into ongoing malicious activity.